
Hi,
You're referring to 802.1x used in conjunction with a RADIUS server to
provide a Common Policy for connection. The authentication server can be
built using FreeBSB/Radius server on Linux and both pieces of software
are free to use.

The only way I know of doing that reliably, other than limiting your
admin ips to particular switch ports and using port security, would be
to implement NAC of some flavor. Cisco Clean Access is the Cisco
variety. There is an open source option in OpenNAC
(http://sourceforge.net/projects/opennac/) that should also be able to
do what you are asking for. NAC solutions tend to be considerably
complicated and potentially quite expensive, though.

There is a light at the end of the tunnel. By using VMPS you can
dynamically control which VLAN a PC belongs to. But to make sure this
works, you will have to isolate the admin network to be its own subnet
(VLAN) and all other users to be on a separate subnet (VLAN). When a
PC/Laptop connects to a switch port set up as a dynamic VLAN port, the
port receives its VLAN assignment from a TFTP server based on the MAC
address of the PC/Laptop. If a normal user attempts to connect with an
admin IP address, he would not route anywhere, since the assigned VLAN
would be on a different subnet.